Bundle licenses into container images #3229

Open
tgeoghegan opened this issue Jun 11, 2024 · 1 comment

@tgeoghegan
Contributor

Licenses like 3-clause BSD or Unicode v3 include a requirement that the license be included with any binary distributions of software (i.e., Janus) that uses dependencies covered by those licenses (i.e. our numerous deps that use these).

My reading of these licenses is that we do not need to worry about redistributing them with Janus sources: we don't distribute the source code of dependencies. Some entity using Janus does when they run cargo build/test/run. This applies to the crates we ship: we distribute only source code to crates.io and docs.rs, so that's fine.

However, the binary artifacts we distribute should include Janus' license, as well as the licenses of dependencies.

For container images, David Cook suggested putting them in /usr/share/common-licenses or /usr/share/*/copyright. We could invent some build step that walks the dep tree, extracts licenses and blats them into container images... or a cheekier fix would be to include every license enumerated in licenses.allow in Janus' deny.toml.

@divergentdave
Contributor

This could help with gathering licenses of dependencies: https://embarkstudios.github.io/cargo-about/
